Key information that is currently in use is archived in a management server to prevent the key information from being lost. A storage device 10 is communicatably connected to a management server 60 managing key information 1. The storage device includes a memory device 21, and a controller 100 controlling the memory device. The controller implements encryption processing on data inputted and outputted to and from the memory device by using the key information. When stoppage of an operation is indicated, the controller determines whether the key information used by the controller is managed by the management server, stops the operation in a case where the key information is managed by the management server, and does not stop the operation in a case where the key information is determined not to be managed by the management server.
Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A storage device which is communicatably connected to a management server managing key information, the storage device comprising: a memory device; and a controller being configured to control the memory device, the controller being configured to implement encryption processing on data inputted and outputted to and from the memory device by using a piece of key information; to determine whether the key information used by the controller is managed by the management server when stoppage of an operation is indicated, and to stop the operation in a case where the key information is determined to be managed by the management server, and not to stop the operation in a case where the key information is determined not to be managed by the management server; wherein, in the case where the key information is determined not to be managed by the management server, the controller transmits the key information to the management server to register only the key information which is not managed by the management server, of all pieces of key information, by transmitting to the management server all the pieces of key information including the key information determined not to be managed by the management server, and stops the operation after confirming that the management server has registered the key information; and wherein the controller selects a preset other management server in a case where the key information cannot be transmitted to be registered in the management server, transmits all the pieces of key information to the selected other management server to register, and stops the operation after confirming that the other management server has registered all the pieces of key information.
A storage device connected to a key management server encrypts/decrypts data using key information. When the device is instructed to stop, it checks if the current key is managed by the server. If the key is managed, the device stops. If not, the device uploads *all* its key information to the management server, even keys already managed. After confirmation of successful key registration, the device stops. If the main server fails to register the keys, the device attempts registration with a backup management server. The device stops after the backup server confirms successful key registration.
2. The storage device according to claim 1, characterized in that in the case where the key information is determined not to be managed by the management server, the controller outputs a notification to that effect.
The storage device, as described above, which connects to a key management server, encrypts/decrypts data using key information, and stops operations based on key management status, also generates a notification when the key being used is *not* managed by the key management server. This notification alerts the user or system that an unmanaged key is in use.
3. The storage device according to claim 2, characterized in that in the case where the key information is determined not to be managed by the management server, the controller outputs a notification to confirm the key information registration in the management server.
The storage device, as described above, which connects to a key management server, encrypts/decrypts data using key information, stops operations based on key management status, and notifies when an unmanaged key is used, further prompts the user to confirm whether the unmanaged key should be registered with the key management server. This confirmation request ensures the user is aware and authorizes key registration.
4. The storage device according to claim 3, characterized in that in a case where the key information registration in the management server is authorized, the controller transmits the key information to the management server to register the information in the management server.
The storage device, as described above, which connects to a key management server, encrypts/decrypts data using key information, stops operations based on key management status, notifies when an unmanaged key is used, and prompts for key registration confirmation, proceeds to transmit the unmanaged key to the key management server for registration *only if* the user authorizes the key registration through the confirmation prompt.
5. The storage device according to claim 1, characterized in that the controller holds key confirmation information indicating a time point at which the management server confirms the key information used by the controller, determines that the key information, in which a difference between a confirmation time point recorded in the key confirmation information and a current time point is within a prescribed time period, is managed by the management server, and stops the operation.
The storage device, as described above, which connects to a key management server and encrypts/decrypts data using key information, uses key confirmation timestamps to determine if keys are managed. It stores the last time each key was confirmed by the server. The device considers a key "managed" if the time since the last confirmation is within a defined threshold. If the key is managed (recent confirmation), the device will stop the operation.
6. The storage device according to claim 1, characterized in that the controller transmits information concerning the key information used by the controller to the management server such that in a case where a deletion of any of the key information managed by the management server is indicated to the management server, the management server does not delete the key information used by the controller.
The storage device, as described above, which connects to a key management server and encrypts/decrypts data using key information, sends information about the keys it's currently using to the key management server. This information ensures that if a deletion request is made to the key management server, any keys currently in use by the storage device are *not* deleted, preventing data loss or access issues.
7. A controlling method for a storage device communicatably connected to a management server managing key information, the method comprising: implementing encryption processing on data inputted and outputted to and from a memory device by using key information; determining whether stoppage of an operation is indicated; determining whether the key information used by the storage device is managed by the management server in a case where the stoppage of the operation is determined to be indicated; and stopping the operation in a case where the key information is determined to be managed by the management server, and not stopping the operation in a case where the key information is determined not to be managed by the management server: wherein, in the case where the key information is determined not to be managed by the management server, the controller transmits the key information to the management server to register only the key information which is not managed by the management server, of all pieces of key information, by transmitting to the management server all the pieces of key information including the key information determined not to be managed by the management server; and stops the operation after confirming that the management server has registered the key information; and wherein the controller selects a preset other management server in a case where the key information cannot be transmitted to be registered in the management server, transmits all the pieces of key information to the selected other management server to register, and stops the operation after confirming that the other management server has registered all the pieces of key information.
A method for controlling a storage device that communicates with a key management server involves encrypting/decrypting data using key information. When a stop operation is indicated, the method checks if the key being used is managed by the server. If yes, the operation stops. If not, the method uploads *all* of the storage device's key information to the management server for registration, even keys already managed. After confirmation of successful registration, the operation stops. If the main server fails, a backup server is used and the process repeats.
8. The controlling method for a storage device according to claim 7, characterized in that the operation is not stopped in the case where the key information is determined not to be managed by the management server, and a notification stating that the key information is not managed by the management server is outputted.
The storage device control method, as described above, involving key management server communication, encryption/decryption, and operation stopping based on key status, includes generating a notification indicating that the key is *not* managed by the key management server when the operation is not stopped. This notification informs the user or system about the unmanaged key.
9. The controlling method for a storage device according to claim 8, characterized in that the notification also includes a notification to confirm whether the key information is registered in the management server.
The storage device control method, as described above, involving key management server communication, encryption/decryption, operation stopping based on key status, and unmanaged key notification, further includes a prompt asking the user to confirm whether the unmanaged key should be registered with the key management server.
10. The controlling method for a storage device according to claim 7, characterized in that the key information is transmitted to the management server to be registered in the management server in the case where the key information is determined not to be managed by the management server.
The storage device control method, as described above, involving key management server communication, encryption/decryption, and operation stopping based on key status, transmits the unmanaged key to the key management server to register the key in the key management server when it's determined that the key is not managed.
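The stop decision of claims 1 and 7, combined with the confirmation-age test of claim 5, as an added Python sketch that is not code from the patent. `KeyServer`, `Controller`, `request_stop`, the key IDs and the 3600-second period are constructed for illustration, and only key IDs are modelled, not key material.

```python
from dataclasses import dataclass, field

@dataclass
class KeyServer:
    """Constructed stand-in for a key management server."""
    name: str
    reachable: bool = True
    registered: set = field(default_factory=set)

    def register_all(self, key_ids):
        """Receive every key ID, register only those not already held."""
        if not self.reachable:
            raise ConnectionError(self.name)
        newly = set(key_ids) - self.registered
        self.registered |= newly
        return newly

    def holds(self, key_ids):
        """Confirmation step: does the server hold every listed key?"""
        if not self.reachable:
            raise ConnectionError(self.name)
        return set(key_ids) <= self.registered

class Controller:
    def __init__(self, confirmed_at, primary, backup, max_age=3600):
        # key ID -> time the server last confirmed it, or None if never
        self.confirmed_at = dict(confirmed_at)
        self.servers = (primary, backup)   # primary, then the preset other server
        self.max_age = max_age             # the "prescribed time period", seconds

    def is_managed(self, key_id, now):
        """Claim 5: managed if the last confirmation is recent enough."""
        ts = self.confirmed_at[key_id]
        return ts is not None and 0 <= now - ts <= self.max_age

    def request_stop(self, now):
        """Return (stopped, detail); refuse to stop while a key is unarchived."""
        if all(self.is_managed(k, now) for k in self.confirmed_at):
            return True, "all keys confirmed recently"
        for server in self.servers:
            try:
                server.register_all(self.confirmed_at)   # send all key IDs
                if server.holds(self.confirmed_at):      # confirm before stopping
                    self.confirmed_at = {k: now for k in self.confirmed_at}
                    return True, f"registered with {server.name}"
            except ConnectionError:
                continue                                  # fall back to next server
        return False, "unmanaged key in use; stop refused"
```

When neither server can be reached, the controller keeps running, which is the point at which the notification of claims 2 and 8 would be raised.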
July 8, 2013
August 1, 2017